(57) Abstract: A system for emulating a local area network on top of a global communication network (4), the system comprising
relaying messages to all clients in the emulated local area network. The system is characterized in that said broadcast functionality is
distributed and implemented in more than one network unit node in the emulated local area network. The global network is preferably
an IP network, such as the Internet, and acts as a backbone for the emulated local area network.
DISTRIBUTED SERVER FUNCTIONALITY FOR EMULATED LAN

Field of the invention

The invention relates in general to computer networks and more in particular 
to enabling mechanisms for delegation and distribution of centralised network 
server functions to the edge of computer networks. Specifically, the invention 
relates to distributed broadcast server functionality used for emulated local area 
networks (LAN) on global networks. 






Background 

Most enterprises are located at multiple sites where each site has its own local 
area network (LAN). A site is defined as anything from a head-quarter or an 
affiliation company site, to a single employee's remote office site. Some kind of 
communication infrastructure is then used to interconnect the different sites. The
Internet evolution can roughly be categorised into two main areas:

a) Internet as the global communication infrastructure. Traditionally
companies used so called leased lines, provided by telephone companies, to
interconnect their sites. Separate firewall solutions were used for accessing the
Internet. In recent years, companies no longer use Internet only for
external communication; more and more companies are trying out new network
solutions that enable them to also use Internet for company-internal
communication. Internet has become their site-to-site interconnecting medium.

b) Broadband Internet access. In parallel with the above, more and more
broadband access solutions are rolled out by different network access providers.
This enables anyone to upgrade their access to Internet from a traditional dial-up
PSTN/ISDN (Public Switched Telephone Network/Integrated Services Digital
Network) access solution to a broadband solution, e.g. ADSL (Asymmetric Digital
Subscriber Line), Cable or Ethernet, with direct access to Internet. Apart from the
obvious broadband benefits, the network access user is also able to always be
connected to the Internet.

The common name for most of the network solutions that interconnect
multiple sites over Internet is "Virtual Private Networks" (VPN). VPNs can be
implemented in numerous ways; this is well explained in e.g. the IETF publication
by B. Gleeson et al., "A Framework for IP Based Virtual Private Networks", RFC 2764,
February 2000, IP meaning Internet Protocol. A VPN is a private network that is
configured within a public network. For years, common carriers have built VPNs
that appear as private national or international networks to the customer but
physically share backbone trunks with other customers. VPNs enjoy the security of a
private network via access control and encryption, while taking advantage of the
economies of scale and built-in management facilities of large public networks.
Today, there is tremendous interest in VPNs over the Internet, especially due to the
constant threat of hacker attacks. The VPN adds that extra layer of security, and a
huge growth in VPN use is expected. In general, the different VPN solutions can be
categorized into two main groups: customer premises equipment (CPE) based
solutions or network based solutions.

Internet is a public data network based on network paradigms such as equal
and best effort traffic treatment. All traffic crossing the Internet is public and
insecure, resulting in a number of problems that need to be solved, e.g. end-to-end
secure communication between enterprise sites. Some problems have solutions
supported by several VPN system vendors, such as encrypted IP tunnelling between
end-users using the IPSec architecture described by S. Kent and R. Atkinson in
"Security Architecture for the Internet Protocol", RFC 2401,
November 1998, or stand-alone firewall solutions, desktop software VPN clients,
e.g. Microsoft® VPN, etc. A PC that is connected to Internet can, although not
easily, be used as a transit node by a hacker; e.g. the hacker could use a Trojan
horse program to get inside the PC. Once inside, the Trojan horse program may be
adapted to release application software that will act as some authenticated software
installed by the owner of the PC. It is very difficult for layer 2 and 3
firmware/software to detect this kind of malicious application. Therefore, it is
recommendable to have VPN control and management software and firmware
functions and end-user applications, such as service login software and "authenticated"
software applications that in some way use the network infrastructure provided by
the VPN service, separated on different hardware platforms. What generally should
be avoided is having PC clients that are responsible for configuring the actual VPN
setup, i.e. having access to the lookup-table for other VPN members' public IP
addresses, having access to information on how to authenticate, perform integrity
check and encrypt traffic aimed for the VPN, etc.
When a Virtual Private Network (VPN) is implemented as an emulated LAN
on top of a standard IP network such as Internet, one has to provide for the
broadcast functionality that is a basic (intrinsic) function on a level-2 medium such as
Ethernet. A number of broadcast based services are defined on the link-level.
Examples are service discovery protocols and the layer-2 Address Resolution
Protocol (ARP). The broadcast functionality could be implemented in different
ways. Examples of different architectures are:

Broadcast functionality implemented as a centralized server;
Broadcast functionality implemented using IP multicast;
Broadcast functionality implemented using emulated multicast.
ATM Forum's LANE (LAN Emulation) standard is an example of centralised
server architecture. This server emulates the broadcast functionality on the LAN.
When a LAN Emulating Client (LEC) sends a broadcast, the broadcast is sent to the
BUS (Broadcast and Unknown Server) that relays this message to all of the other
clients on the emulated LAN.

The technical problems with the described architecture are related to
scalability and reliability. When a large number of LAN emulating clients are
sending broadcasts to the broadcast server, each client will experience a performance
degradation of the broadcast service due to the load on the broadcast server. The
traffic load on the link connecting the broadcast server will also increase with a
large number of LAN clients. This will ultimately become a bottleneck. This
bottleneck will further reduce the broadcast performance experienced by the LAN
clients. In addition to the performance problem, a single broadcast server will also
be a single point of failure for the broadcast services offered by the emulated LAN.

In the case that the broadcast functionality is implemented by using IP multicast, the
LAN emulating clients join a multicast network. This network constitutes the
broadcast medium for the emulated LAN. Obviously, to be able to use IP multicast
as the broadcast medium, the clients have to interact with a multicast service offered
by the underlying IP network. This interaction could be done via a LAN emulating
server, the management system of the emulated LAN or by other means. A technical
problem with this solution is the dependency on the IP multicast functionality in the
IP backbone and the need for the emulated LAN to interact with the IP backbone.

Summary of the invention

According to a first aspect of the invention, a system for emulating a local area
network on top of a global communication network is provided. The system
comprises clients units and a server which are connected to said global network.
Furthermore, the system comprises a broadcast functionality for relaying messages
to all clients in the emulated local area network. According to the invention said
broadcast functionality is distributed and implemented in more than one network
unit node in the emulated local area network. Said global network preferably acts as
a backbone for the emulated local area network.

In one embodiment a choice of which clients unit has an up and running
broadcast functionality unit is defined by the server, and is based on predetermined
performance criteria, such as available bandwidth to the backbone network.

Preferably the distributed broadcast functionality is hierarchically structured,
wherein a master and initial broadcast functionality unit, constituting the top of said
hierarchy, is configured in said server.



WO 03/003665    PCT/SE01/01473



In one embodiment the connections between the nodes of the emulated local
area network are implemented as a multicast network transmitted through the global
network. In another embodiment the connections between the nodes of the emulated
local area network are implemented as single-cast addresses, forming tunnels
through said global network.

Preferably each network unit having a distributed broadcasting functionality
comprises means for executing an algorithm for preventing broadcast messages
from being indefinitely sent between the network unit nodes having the distributed
broadcasting functionality. In one embodiment this is arranged by an algorithm
being based on a checksum of the broadcast packet, which checksum uniquely
identifies the broadcast packet. The checksum is cached by the broadcasting
functionality for the purpose of dropping subsequently arriving broadcast packets
having the same checksum. In another embodiment another algorithm is used, based
on a hop counter which is decremented by each broadcasting functionality unit upon
arrival, said algorithm functioning to drop subsequent incoming packets when the
counter has reached zero.

Preferably said global network is an Internet Protocol network, such as the
Internet.

According to a second aspect of the invention, a method is provided for taking
the steps described in this application, for emulating a distributed local area
network.



Brief description of the drawings 

Preferred embodiments of the invention are described below with references
being made to the drawings, on which

Fig. 1 illustrates the system overview according to an embodiment of the
present invention;

Fig. 2 illustrates traffic monitoring and session overtaking according to an
embodiment of the present invention;

Fig. 3 illustrates a distributed broadcasting functionality based on a global
network backbone, according to an embodiment of the invention;

Fig. 4 illustrates the hierarchical configuration of the broadcasting
functionality according to an embodiment of the invention; and

Fig. 5 illustrates an emulated LAN on top of a global IP network, according to
an embodiment of the invention.



Detailed description of preferred embodiments 

According to one aspect, the system according to the present invention is based
on a standard IP network like the public Internet. The system comprises multiple
VPN clients and at least one server. One server can be a distributed cluster of
physical boxes. The VPN clients could be implemented as drivers on the client
computer but are for security reasons preferably implemented in a stand-alone
hardware box. A purpose of this mechanism is to establish dynamic and secure
Virtual Local Area Networks between some or all of the clients. A virtual network is
created by establishing connection groups in a VPN server. The server has a service
device for keeping track of connected machines and mapping them to IP addresses.
In one embodiment this is obtained using ARP (Address Resolution Protocol), an IP
protocol used to obtain a node's physical address. A client station sends an ARP
request to the VPN server with the VPN internal IP address of the target node it
wishes to communicate with, and the VPN server responds by sending back the
external IP address so that packets can be transmitted. ARP returns the layer-2
address for a layer-3 address. This mechanism also handles distribution of public
keys to form complete security associations. For handling broadcasts an emulated
broadcast service is implemented in the server, preferably using an IP multicast
group or as a separate broadcast service. Data sent directly from one machine in the
virtual network to another is tunnelled over IP directly to the IP address of the
receiving client. The mechanism includes both the case where data packets are
tunnelled directly over IP and the case where a layer-2 medium such as Ethernet is
bridged onto the IP network.

Fig. 5 illustrates an embodiment of the system according to the present
mechanism, wherein a network 4 comprises five nodes: four VPN clients 31-34
with global addresses C1 - C4, and a server S. All of these are connected to and
have a valid address in the physical network 4. These nodes are interconnected
using standard Internet routing procedures, but the clients 31 - 34 are not on the
same LAN. On top of this network infrastructure, clients 31, 32 and 33 form a
virtual network 30 with local addresses D1, D2 and D3. In the illustrated case the
clients in this VPN appear to be on the same local area network. The reason for this
is the broadcast service, i.e. the service device, which delivers all packets for the
local broadcast domain to all machines on the VPN 30. Thus service discovery
mechanisms or layer-2 ARP operate transparently on top of the virtual network.
When client 31 on the VPN wants to transmit a packet directly to client 32, the
client software requests the physical address C2 from server S, based upon the local
address D2, and possible security keys required for talking to D2 from S. D1 is then
able to transmit the packet in a secure tunnel directly to D2 without passing the
server S.

The above provides an effective and user friendly mechanism for establishing
Virtual Private Networks over generic IP connections. Broadcast services and
service discovery protocols that normally require a direct layer-2 interconnection
may work independently of the actual network structure. It also provides the
possibilities of distributed network broadcast handling, where rules and
configuration options may be cached in the end nodes of the network instead of in a
centralised server. The described mechanism is unique in that it presents a complete
distributed emulated LAN on top of an IP network where access and attributes such
as security associations are completely controlled by a server. Most current solutions
use static tunnels. Either permanent connections are set up between the members of
the VPN, or tunnel servers are used, which basically work as modem pools, only you
"dial" an IP number. This means that all traffic, no matter its final destination, goes
through this one box. In particular traffic going to sites in the VLAN (Virtual LAN) other
than that of the VLAN server comes in through the server access and turns. The
broadcast service allows service discovery protocols designed for local networks to
function on the VPN, while the ARP mechanism allows for dynamic establishment
of secure tunnels directly between endpoints. The well known LANE (LAN
Emulation) standard was focused entirely on ATM (Asynchronous Transfer Mode)
and featured no integrated security handling. LANE introduces, inter alia, the ability
to connect Ethernet and Token Ring networks together via ATM. LANE makes the
process transparent, requiring no modification to Ethernet and Token Ring stations.
LANE allows common protocols, such as IP, IPX, AppleTalk and DECnet, to ride
over an ATM backbone. LAN emulation has been implemented and verified over
ATM. However, since the system architecture itself by design avoids sending all
data through the server, the bottleneck problem with overloaded server links is
completely avoided.

In general, the target system relies on a decision scheme for a third-party
overtaking of a client role in a two-party communication session. Turning to Fig. 1,
the system processes comprise end user clients located at the end user premises
equipment 1, a central VPN system server 2, and network edge located VPN system
clients 3. Full lines indicate physical communication lines, whereas arrows indicate
communicating ends, without specifying which route the communication takes
between those communicating ends.

The end user client process preferably resides in a PC, the VPN client process
preferably resides within a standalone hardware unit, and the VPN server process
resides within any kind of server hardware unit, such as an IBM® server. By
process is here meant the functionality for the particular client or server, as
described herein. The VPN server 2 and the VPN client 3 are parts of a VPN system
that provides the end user client 1 with access to required VPNs. The end user client
1 hardware is physically connected via a communication line 11 to the VPN client 3
hardware. The VPN client 3 hardware is physically connected to a layer-two
termination that enables the VPN client 3 to access Internet over a communication
line 12. The layer-two protocol is preferably Ethernet but could [...] be any
[...] Protocol) packets between IP nodes. The VPN server 2 is connected to Internet via a
communication line 13 in the same way as the VPN client 3.
According to an embodiment of the target system the end user client 1 initiates
a communication session with the VPN server 2 in order to acquire access to a
virtual private network. During the initialisation phase, the VPN server 2
authenticates and authorises the end user client 1 as a registered user of VPN
[...] that are provided by the VPN server 2. The VPN client 3 is passive in that it
[...] information elements [...]. The
[...] VPN [...] 21 [...] client 1
[...] initialisation phase between the end user client 1 and the VPN server
[...] information [...] exchanged, [...] particular VPN
[...] the VPN client 3 becomes active and
[...] between end user client 1 [...] the VPN
client 3. The VPN client 3 now requests, if it is necessary because the VPN
[...] already [...] by the VPN client 3, VPN configuration data
[...] necessary VPN access parameters such as traffic classification parameters,
performance assurance parameters, or firewall parameters such as encryption,
authentication, filtering parameters, etc.

[...] user client 1 is allowed to use different servers 2 but cannot have
[...] an end user client 1 tries to access a certain server 2. At this moment the VPN server
2 is considered insecure until the end user client 1 has authenticated the VPN server
2 and also has been authenticated by the VPN server 2.

[...] session overtaking scenario [...] detail
[...] domain, which is [...] user client 1
[...] of view, the VPN server 2 is therefore located in the distrusted domain. Since all in-
and outgoing IP traffic to/from the end user client passes through the VPN client 3
hardware, the VPN client 3 is able to monitor the communication 21 between the
[...] server 2. This is [...]
[...] the VPN client 3 is unable [...] the IP traffic
[...] resides on [...]
[...] VPN [...] 3 is therefore able to monitor 22 all
[...] VPN server 2 to whom the
end user client 1 are registered as user.
The VPN client 3 identifies when the end user client 1 starts to establish
contact with a VPN server 2. The VPN client 3 treats the end user client 1 side as a
trusted party and the VPN server 2 as a distrusted party. The session establishment
phase 21 between the end user client 1 and the VPN server 2 could be done in
numerous ways, e.g. by a traditional challenge/response handshaking sequence. The
communication 21 is primarily meant to be done by web based clients but other
client/server process environment solutions are possible. When the handshaking
sequence between the end user client 1 and the VPN server 2 has finished, the VPN
client 3 takes over the communication session. The handshaking is considered
finished when the VPN server 2 has authenticated and authorised the end user client
1, and acknowledged the end user client 1 as a confirmed user. The VPN client 3
will from now on undertake proxy roles towards both the end user client 1 and the
VPN server 2. Towards the end user client 1, the VPN client 3 will act as a VPN
server proxy, and towards the VPN server 2 as an end user client proxy. The end
user client 1 will continue its session in belief that it still communicates with the
VPN server 2. The VPN client 3 will, using the VPN server proxy role, continue the
VPN setup session with the end user client 1.

Further on, the VPN client 3 is now considering the VPN server 2 as a secure
source and starts up communication sessions 23 with the VPN server 2 that enable
the end user client 1 to be included as a member in the requested VPN.

In one embodiment the target system is implemented in a service provisioning
system, where parts of the service functionality are distributed to system clients
acting as server proxies. One technical advantage of the present system is that any
hacker intrusions via an end user PC 1 are avoided by having critical
software/firmware for control and management of VPN configuration data separated
on standalone hardware 3. Another advantage is the automated overtaking of
certified sessions. Another benefit is the plug-and-play behaviour for virtual
services over Internet, which is made available through the system. The teachings of
the present system thus differ from prior art technology, since earlier solutions to
the problem have either been centralised server solutions, such as PSTN/ISDN
modem-pool solutions, server centralised IPSec tunnelling etc., or distributed
solutions, which are only valid within one network operator intra-domain or within
federated network operator domains. These solutions are generally referred to as
network based VPN systems. The present system will function independently of
whether or not the different VPN client users access the same network operator
domain or a federated network domain or have access to totally independent
network operator domains.

An emulated multicast comprises one or preferably several broadcast servers
connected to the emulated LAN. The connection between the LAN emulating client
LEC, herein also referred to as the VPN client, and the broadcast servers can be
realised as tunnels or by other means. The broadcast servers can be configured
dynamically by a LAN Emulating Server (LES) or in a static fashion via a
management system.

In one embodiment of the present invention, illustrated in Fig. 3, the system
comprises a distributed architecture of broadcast servers on an emulated LAN. The
LAN is emulated on top of a standard IP network like the Internet. That is, the IP
network acts as a backbone for the emulated LAN. In Fig. 3, pLAN stands for
physical LAN, as opposed to a virtual LAN. PC indicates, in this embodiment, an
ordinary personal computer, but may just as well be some other type of data
communication device. The emulated LAN is implemented on top of a standard
global network, preferably an IP network, such as the Internet, and functions to
extend the physical LAN seen on the left hand side of Fig. 3 to other, distant
locations such as the pLAN on the right hand side of Fig. 3, or the other PCs. The
emulated LAN comprises connections between the LAN Emulating Clients (LECs)
[...] physical unit and acts as a bridge between the
pLAN and the emulated LAN node. A LAN Emulating Server (LES) performs the
management of the emulated LAN and the connected LECs.

The Broadcast and Unknown Server (BUS) functionality could be
implemented in the LEC, as a separate unit connected to the IP network, and/or
implemented in the LES. Different configurations are shown in Fig. 3. If the BUS is
implemented in the LECs, the function lies dormant in most of the LECs and in
[...] in some. Some, but not all, of the LECs have a running BUS functionality.
Which LEC has an up and running BUS is defined by the LES
and based on different performance criteria such as available bandwidth to the IP
backbone and/or the number of units connected to the pLAN etc.

The BUSes are preferably arranged in a logical hierarchical architecture as
shown in Fig. 4. By using a hierarchical or tree structure the efficiency is enhanced.
The master and initial BUS, the LES BUS, is configured in the LES. By using
several BUSes the load on the system implementing the broadcast functionality will
be shared. Further, the distributed architecture will give a load sharing on the links
connecting the BUSes. As a consequence of the distributed architecture there is no
single point of failure for the broadcast functionality. When a LEC connects to an
[...] receives information from the LES about the available
BUSes. The LES may at this stage configure the connecting LEC to start its BUS
functionality. The connections between the LEC and the BUSes, forming the nodes
of the emulated local area network, may be implemented as a multicast network or
as single-cast addresses, i.e. tunnels, to each of the other LECs.

Each BUS will have an algorithm in order to exclude the possibility of a
"broadcast storm" where broadcast messages indefinitely are sent between the
BUSes. The algorithm could be based on a checksum of the broadcast packet. This
checksum will uniquely identify the broadcast packet and is cached by the BUS. If
another broadcast packet arrives with the same checksum the packet will be dropped
and not forwarded. In an alternative embodiment another algorithm is used, based
on a hop counter, similar to the Time To Live (TTL) parameter used in IP networks.
The counter will be decremented by each BUS. When the counter reaches zero the
packet will be dropped and not forwarded.
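
The two storm-prevention algorithms described above, as an added example that is not part of the patent text: a small Python simulation of a meshed set of BUSes that compares no protection, a checksum cache and a hop counter. The topology, the packet, the use of SHA-256 as the checksum, and the cache expiry and size limit are assumptions made for the example.

```python
import hashlib
from collections import OrderedDict, deque


class Bus:
    """One broadcast server (BUS); `peers` are the BUSes it has tunnels to."""

    def __init__(self, name, cache_ttl=2.0, cache_size=1024):
        self.name, self.peers = name, []
        self.cache_ttl, self.cache_size = cache_ttl, cache_size
        self.seen = OrderedDict()   # packet digest -> time first seen
        self.delivered = 0          # copies handed to the local pLAN

    def is_duplicate(self, payload, now):
        # Expire old entries so that a legitimately repeated broadcast (for
        # example a retried ARP request) is relayed again after cache_ttl.
        while self.seen and next(iter(self.seen.values())) + self.cache_ttl <= now:
            self.seen.popitem(last=False)
        # SHA-256 instead of a short CRC (assumption): a CRC is not collision
        # resistant, and a collision makes the BUS drop a packet it never relayed.
        digest = hashlib.sha256(payload).digest()
        if digest in self.seen:
            return True
        self.seen[digest] = now
        if len(self.seen) > self.cache_size:   # bound memory under flooding
            self.seen.popitem(last=False)
        return False


def build_mesh(links):
    """Create BUS nodes from a list of bidirectional tunnels (name pairs)."""
    buses = {}
    for a, b in links:
        for n in (a, b):
            buses.setdefault(n, Bus(n))
        buses[a].peers.append(buses[b])
        buses[b].peers.append(buses[a])
    return buses


def broadcast(buses, origin, payload, mode, hops=3, now=0.0, max_tx=10_000):
    """Inject one broadcast at `origin`.

    Returns the number of BUS-to-BUS transmissions, or None when max_tx is
    exceeded, which is how this simulation reports a broadcast storm.
    """
    queue = deque([(buses[origin], None, hops)])   # (receiver, sender, counter)
    tx = 0
    while queue:
        bus, sender, counter = queue.popleft()
        if sender is not None:                 # arrived over a tunnel
            tx += 1
            if tx > max_tx:
                return None
            if mode == "hops":
                counter -= 1                   # decremented on arrival
                if counter <= 0:
                    continue                   # dropped, not forwarded
        if mode == "checksum" and bus.is_duplicate(payload, now):
            continue                           # same checksum seen: drop
        bus.delivered += 1
        for peer in bus.peers:
            if peer is not sender:
                queue.append((peer, bus, counter))
    return tx


# Constructed topology: a triangle of BUSes (A, B, C) with D hanging off C.
LINKS = [("A", "B"), ("B", "C"), ("C", "A"), ("C", "D")]
PACKET = b"constructed ARP-style broadcast: who-has D2 tell D1"


def run(mode, **kw):
    """Send PACKET from A on a fresh mesh; return (transmissions, deliveries)."""
    buses = build_mesh(LINKS)
    tx = broadcast(buses, "A", PACKET, mode, **kw)
    return tx, {n: b.delivered for n, b in sorted(buses.items())}


if __name__ == "__main__":
    for mode, kw in [("none", {}), ("checksum", {}),
                     ("hops", {"hops": 3}), ("hops", {"hops": 2})]:
        print(mode, kw, run(mode, **kw))
```

On this topology the hop counter stops the storm but hands duplicate copies to B and C, and with a counter of 2 the broadcast never reaches D. The checksum cache delivers exactly one copy per BUS, at the cost of suppressing an identical broadcast until its cache entry expires.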

The invention according to this description may hence be used in a VPN based
on an emulated LAN on top of an IP network. The invention according to the
description also differs from earlier known technology, since existing VPN
solutions use a single broadcast server, and a technical advantage is that it enhances
the scalability of VPN implementations.
Claims



1. A system for emulating a local area network on top of a global communication
network (4), the system comprising clients units (LEC) and a server (LES) which
are connected to said global network (4), and a broadcast functionality for
relaying messages to all clients in the emulated local area network, characterized in
that said broadcast functionality is distributed and implemented in more than one
network unit node in the emulated local area network.

2. The system as recited in claim 1, wherein the global network acts as a backbone
for the emulated local area network.

3. The system as recited in claim 2, wherein a choice of which clients unit (LEC)
has an up and running broadcast unit (BUS) is defined by the server
(LES) and is based on predetermined performance criteria.

4. [...] wherein said [...]

5. The system as recited in claim 4, wherein a master and initial broadcast
functionality (LES BUS) unit is configured in said server (LES).

6. [...] wherein the connections between the nodes of
the emulated local area network are implemented as a multicast network
transmitted through the global network.

7. The system as recited in claim 1, wherein the connections between the nodes of
the emulated local area network are implemented as single-cast addresses,
forming tunnels through said global network.

8. [...] broadcasting functionality (BUS) comprises means for executing an algorithm for
preventing broadcast messages from being indefinitely sent between the network
unit nodes having the distributed broadcasting functionality (BUS).

9. The system as recited in claim 8, wherein said algorithm is based on a
checksum of the broadcast packet, which checksum uniquely identifies the broadcast packet
and is cached by the broadcasting functionality (BUS) for the purpose of dropping
subsequently arriving broadcast packets having the same checksum.
10. The system as recited in claim 8, wherein said algorithm is based on a hop
counter which is decremented by each broadcasting functionality (BUS) unit upon
arrival, said algorithm functioning to drop subsequent incoming packets when the
counter has reached zero.

11. The system as recited in any of the previous claims, wherein said global network
is an Internet Protocol network.